# #44 - Talk to Aikido Autofix, Pentest Threat Model and support for Alibaba Cloud ### Features * [Talk to Aikido AutoFix](https://help.aikido.dev/aikido-autofix/refine-autofixes-with-aikido-ai): Refine with Aikido AI lets you iteratively adjust AutoFixes using natural language. Adapt AutoFixes to your code style without leaving Aikido. * [Pentest Threat Model](https://help.aikido.dev/pentests/coverage-and-findings/threat-model): A real-time, transparent view of your attack surface and how your application's security posture will be tested. * [Alibaba Cloud](https://help.aikido.dev/cloud-scanning/connect-your-cloud/alibaba-cloud-scanning/connect-alibaba-account): Aikido now supports finding configuration issues in Alibaba Cloud, scan for misconfigs, exposed resources, and risky settings across your entire environment. ### **Aikido Intel - Malware & Vulnerability Database** Our research team discovered more than [#102 new vulnerabilities](https://intel.aikido.dev) over the last two weeks! [Glassworm is back](https://www.aikido.dev/blog/glassworm-returns-unicode-attack-github-npm-vscode) with new attack campaigns targeting npm, GitHub, and VSCode ecosystems, including Unicode-based obfuscation techniques and [malicious React packages harvesting phone numbers](https://www.aikido.dev/blog/glassworm-strikes-react-packages-phone-numbers). ### Improvements * SAST - [Add Custom Context on SAST Rules to improve AutoTriage](https://help.aikido.dev/getting-started/general-information/custom-code-context-for-sast-rules) * Cloud & VM - CVEs are now displayed on the VM attack path diagrams * MCP - [Aikido Claude Plugin](https://github.com/AikidoSec/aikido-claude-plugin) * Integrations - Jira / Task trackers * [Map Teams to Projects](https://help.aikido.dev/getting-started/task-management-systems/advanced-functionalities/smart-issue-routing-map-repositories-to-projects-in-your-task-manager) * Custom Priority mapping * Zen Firewall - Agent releases for [Dotnet](https://github.com/AikidoSec/firewall-dotnet/releases), [Java](https://github.com/AikidoSec/firewall-java/releases), [Python](https://github.com/AikidoSec/firewall-python/releases), and [Golang](https://github.com/AikidoSec/firewall-go/releases) * IDE - New releases for [VSCode](https://marketplace.visualstudio.com/items?itemName=AikidoSecurity.aikido), and [Jetbrains](https://plugins.jetbrains.com/plugin/24993-aikido-security/versions/stable) * [Betterleaks](https://github.com/betterleaks/betterleaks): Aikido is sponsoring the next iteration of Gitleaks with more features, improved accuracy, and 5.2x better performance versus Gitleaks. * API - List attack surface subdomains * API - Webhook for manual severity changes * API - Unlink container from repository * API - Get AI Pentest issue details --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.aikido.dev/changelog/q1-2026/44-talk-to-aikido-autofix-pentest-threat-model-and-support-for-alibaba-cloud.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.